使用 PowerShell 备份已加密 Azure 虚拟机Back up an encrypted Azure virtual machine with PowerShell

此脚本为已加密 Azure 虚拟机创建包含异地冗余存储 (GRS) 的恢复服务保管库。This script creates a Recovery Services vault with Geo-redundant storage (GRS) for an encrypted Azure virtual machine. 默认保护策略已应用到此保管库。The default protection policy is applied to the vault. 此策略为虚拟机生成每日备份,并将每个备份保留 30 天。The policy generates a daily backup for the virtual machine, and retains each backup for 30 days. 该脚本还将触发虚拟机的初始恢复点,并将该恢复点保留 365 天。The script also triggers the initial recovery point for the virtual machine and retains that recovery point for 365 days.

本示例需要 Azure PowerShell Az 1.0 或更高版本。This sample requires Azure PowerShell Az 1.0 or later. 运行 Get-Module -ListAvailable Az,查看已安装哪些版本。Run Get-Module -ListAvailable Az to see which versions are installed. 如果需要安装,请参阅安装 Azure PowerShell 模块If you need to install, see Install Azure PowerShell module.

运行 Connect-AzAccount -Environment AzureChinaCloud 以登录到 Azure 中国。Run Connect-AzAccount -Environment AzureChinaCloud to sign in to Azure China.

如果没有 Azure 试用版订阅,请在开始前创建一个试用版订阅If you don't have an Azure trail subscription, create a trial subscription before you begin.

示例脚本Sample script

备注

本文进行了更新,以便使用新的 Azure PowerShell Az 模块。This article has been updated to use the new Azure PowerShell Az module. 你仍然可以使用 AzureRM 模块,至少在 2020 年 12 月之前,它将继续接收 bug 修补程序。You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. 若要详细了解新的 Az 模块和 AzureRM 兼容性,请参阅新 Azure Powershell Az 模块简介To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. 有关 Az 模块安装说明,请参阅安装 Azure PowerShellFor Az module installation instructions, see Install Azure PowerShell.

清理部署Clean up deployment

运行以下命令来删除资源组、VM 和所有相关资源。Run the following command to remove the resource group, VM, and all related resources.

Remove-AzResourceGroup -Name myResourceGroup

脚本说明Script explanation

此脚本使用以下命令创建部署。This script uses the following commands to create the deployment. 表中的每一项均链接到特定于命令的文档。Each item in the table links to command specific documentation.

命令Command 注释Notes
New-AzResourceGroupNew-AzResourceGroup 创建用于存储所有资源的资源组。Creates a resource group in which all resources are stored.
New-AzRecoveryServicesVaultNew-AzRecoveryServicesVault 创建用于存储备份的恢复服务保管库。Creates a recovery services vault to store backups.
Set-AzRecoveryServicesBackupPropertySet-AzRecoveryServicesBackupProperty 设置恢复服务保管库的备份存储属性。Sets backup storage properties on Recovery Services vault.
New-AzRecoveryServicesBackupProtectionPolicyNew-AzRecoveryServicesBackupProtectionPolicy 在恢复服务保管库中使用计划策略和保留策略创建保护策略。Creates protection policy using schedule policy and retention policy in Recovery Services vault.
Set-AzKeyVaultAccessPolicySet-AzKeyVaultAccessPolicy 设置对 Key Vault 的权限,授予服务主体访问加密密钥的权限。Sets permissions on the Key Vault to grant the service principal access to encryption keys.
Enable-AzRecoveryServicesBackupProtectionEnable-AzRecoveryServicesBackupProtection 使用指定的备份保护策略为某一项启用备份。Enables backup for an item with a specified Backup protection policy.
Set-AzRecoveryServicesBackupProtectionPolicySet-AzRecoveryServicesBackupProtectionPolicy 修改现有备份保护策略。Modifies an existing Backup protection policy.
Backup-AzRecoveryServicesBackupItemBackup-AzRecoveryServicesBackupItem 为未绑定到备份计划的受保护 Azure 备份项启动备份。Starts a backup for a protected Azure Backup item that is not tied to the backup schedule.
Wait-AzRecoveryServicesBackupJobWait-AzRecoveryServicesBackupJob 等待 Azure 备份作业完成。Waits for an Azure Backup job to finish.
Remove-AzResourceGroupRemove-AzResourceGroup 删除资源组及其中包含的所有资源。Removes a resource group and all resources contained within.

后续步骤Next steps

有关 Azure PowerShell 模块的详细信息,请参阅 Azure PowerShell 文档For more information on the Azure PowerShell module, see Azure PowerShell documentation.